reboot-no-passphrase for systems with LUKS encrypted root filesystems

author James Bunton <jamesbunton@delx.net.au>

Fri, 30 Oct 2015 23:57:59 +0000 (10:57 +1100)

committer James Bunton <jamesbunton@delx.net.au>

Fri, 30 Oct 2015 23:57:59 +0000 (10:57 +1100)
author James Bunton <jamesbunton@delx.net.au>
Fri, 30 Oct 2015 23:57:59 +0000 (10:57 +1100)
committer James Bunton <jamesbunton@delx.net.au>
Fri, 30 Oct 2015 23:57:59 +0000 (10:57 +1100)
diff --git a/systemd/system/disable-crypto_keyfile.service b/systemd/system/disable-crypto_keyfile.service

new file mode 100644 (file)

index 0000000..7959532
--- /dev/null
+++ b/systemd/system/disable-crypto_keyfile.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Disable /root/crypto_keyfile.bin on every boot
+After=basic.target
+
+[Service]
+Type=oneshot
+ExecStart=cryptsetup luksRemoveKey /dev/disk/by-uuid/%i /crypto_keyfile.bin
+SuccessExitStatus=2
+
+[Install]
+WantedBy=basic.target
author	James Bunton <jamesbunton@delx.net.au>
	Fri, 30 Oct 2015 23:57:59 +0000 (10:57 +1100)
committer	James Bunton <jamesbunton@delx.net.au>
	Fri, 30 Oct 2015 23:57:59 +0000 (10:57 +1100)